Report - myetherevvalliet.com/https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi

Report Overview

Submitted URL
myetherevvalliet.com/https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi
IP
212.32.237.101
ASN
#60781 LeaseWeb Netherlands B.V.
Submitted
2024-04-26 07:05:48
Access
public
Website Title
Myetherevvalliet.com
Final URL
ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww1.myetherevvalliet.com	unknown	2023-08-01	2023-09-06	2024-03-18	2.0 kB	39 kB	199.59.243.225
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	436 B	75 kB	142.250.74.164
www.adsensecustomsearchads.com	unknown	2011-01-28	2015-09-02	2024-04-25	3.3 kB	196 kB	216.58.211.14
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2024-04-25	1.0 kB	2.1 kB	142.250.74.97
myetherevvalliet.com	unknown	2023-08-01	2019-07-21	2024-03-28	2.3 kB	1.6 kB	212.32.237.101

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	myetherevvalliet.com	Sinkholed
2024-04-25	medium	myetherevvalliet.com	Sinkholed
2024-04-25	medium	myetherevvalliet.com	Sinkholed
2024-04-25	medium	myetherevvalliet.com	Sinkholed
2024-04-25	medium	myetherevvalliet.com	Sinkholed
2024-04-25	medium	myetherevvalliet.com	Sinkholed
2024-04-25	medium	myetherevvalliet.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	www.adsensecustomsearchads.com/adsense/domains/caf.js	190 kB	2024-04-25	2024-05-01
Pretty URL www.adsensecustomsearchads.com/adsense/domains/caf.js IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 21:14:33 Last Seen2024-05-01 18:37:57 Times Seen538 Hash c2d9b33c5d99b68f56da7ead94cb7af4 7276cd027eac33645a0df1b53daf871a95321a12 d5886c81b0106330dc41a13bc5738b2ba002073716d73b2c30aa4b57285c190b Loading...

	ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app	419 B	2024-04-26	2024-04-26
Pretty URL ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 09:05:49 Last Seen2024-04-26 09:05:49 Times Seen1 Hash fad7f185472cff40f147015c9a74af3b 7a0475e8263274724cde83f238b5d5dfad206576 f0f5e9fa0166f96d851b85394a2428f33e185fabbb807abdc0b792b5f2390a3f Loading...

	ww1.myetherevvalliet.com/bTmrfWYFV.js	34 kB	2024-04-22	2024-05-06
Pretty URL ww1.myetherevvalliet.com/bTmrfWYFV.js IP 199.59.243.225 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-22 21:49:17 Last Seen2024-05-06 21:59:52 Times Seen4286 Hash f48baec69cc4dc0852d118259eff2d56 e64c6e4423421da5b35700154810cb67160bc32b 463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c Loading...

	www.google.com/adsense/domains/caf.js?abp=1&bodis=true	190 kB	2024-04-25	2024-05-01
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&bodis=true IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 21:14:33 Last Seen2024-05-01 13:34:14 Times Seen1050 Hash e7b471f5e630f0bd40846cb4cd1b00ca b5a756fd9a84cc2c086be1f7bafe2861d1b4b1b3 2c7ccea0b831c5624a9cd8f14a1fc7535dc3bfd23357ab7bd34f94c6ce8d50ce Loading...

	www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol428&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fcaf%3D1%26terms%3Dcryptocurrency%2Bwallet%2Bapp&terms=cryptocurrency%20wallet%20app&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=5471714115127024&num=0&output=afd_ads&domain_name=ww1.myetherevvalliet.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714115127025&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fterms%3Dcryptocurrency%2520wallet%2520app	646 B	2024-04-26	2024-04-26
Pretty URL www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol428&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fcaf%3D1%26terms%3Dcryptocurrency%2Bwallet%2Bapp&terms=cryptocurrency%20wallet%20app&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=5471714115127024&num=0&output=afd_ads&domain_name=ww1.myetherevvalliet.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714115127025&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fterms%3Dcryptocurrency%2520wallet%2520app IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 09:05:49 Last Seen2024-04-26 09:05:49 Times Seen1 Hash 9cc7951ca415462b34187c3a7e37bde8 e4abeaecb289bfecc159e9504ff9b148d8612e60 e8e38963fb965313ac437fa2994b426da5feaac3a4e606e4adb60bd19e8f4277 Loading...

HTTP Transactions (14)

URL IP Response Size

myetherevvalliet.com/https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi

212.32.237.101

590 B

URL
myetherevvalliet.com/https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi
IP
212.32.237.101:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document, ASCII text, with very long lines (590), with no line terminators
Size
590 B (590 bytes)
Hash
47b77d9666422bbde8baf7c004f6017f
4db2160d9b5410515b17be1c4fe39992307ab28d
d5b89606fdaeee873e1d02db55036788c89c10b8930b178f989001a8d9c9c7d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi HTTP/1.1
Host: myetherevvalliet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 590
content-type: text/html; charset=utf-8
date: Fri, 26 Apr 2024 07:05:24 GMT
server: Cowboy
set-cookie: sid=5aea121f-039b-11ef-9ab2-0bb1a0bfbc95; path=/; domain=.myetherevvalliet.com; expires=Wed, 14 May 2092 10:19:32 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

myetherevvalliet.com/favicon.ico

212.32.237.101

9 B

URL
myetherevvalliet.com/favicon.ico
IP
212.32.237.101:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: myetherevvalliet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://myetherevvalliet.com/https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi
Cookie: sid=5aea121f-039b-11ef-9ab2-0bb1a0bfbc95
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Fri, 26 Apr 2024 07:05:25 GMT
server: Cowboy
X-Firefox-Spdy: h2

myetherevvalliet.com/https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDEyMjMyNSwiaWF0IjoxNzE0MTE1MTI1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjRzNTd2NTJraDZ2NnFvdjgyZm0zNjciLCJuYmYiOjE3MTQxMTUxMjUsInRzIjoxNzE0MTE1MTI1MTkwMDkxfQ.YF8EI_BmYH_BFxvZeKWYxamPkj6vxDUqVlr3zInbGy8&sid=5aea121f-039b-11ef-9ab2-0bb1a0bfbc95

212.32.237.101

302 Found

11 B

URL User Request GET HTTP/2
myetherevvalliet.com/https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDEyMjMyNSwiaWF0IjoxNzE0MTE1MTI1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjRzNTd2NTJraDZ2NnFvdjgyZm0zNjciLCJuYmYiOjE3MTQxMTUxMjUsInRzIjoxNzE0MTE1MTI1MTkwMDkxfQ.YF8EI_BmYH_BFxvZeKWYxamPkj6vxDUqVlr3zInbGy8&sid=5aea121f-039b-11ef-9ab2-0bb1a0bfbc95
IP
212.32.237.101:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerLet's Encrypt
Subjectmyetherevvalliet.com
FingerprintC2:96:EA:07:03:76:4C:6E:E5:85:69:DE:B2:2F:89:4A:05:52:15:82
ValidityFri, 05 Apr 2024 05:01:41 GMT - Thu, 04 Jul 2024 05:01:40 GMT

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDEyMjMyNSwiaWF0IjoxNzE0MTE1MTI1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjRzNTd2NTJraDZ2NnFvdjgyZm0zNjciLCJuYmYiOjE3MTQxMTUxMjUsInRzIjoxNzE0MTE1MTI1MTkwMDkxfQ.YF8EI_BmYH_BFxvZeKWYxamPkj6vxDUqVlr3zInbGy8&sid=5aea121f-039b-11ef-9ab2-0bb1a0bfbc95 HTTP/1.1
Host: myetherevvalliet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://myetherevvalliet.com/https:/github.com/Azure/azure-powershell/releases/download/v11.5.0-April2024/Az-Cmdlets-11.5.0.38451-x64.msi
Cookie: sid=5aea121f-039b-11ef-9ab2-0bb1a0bfbc95
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 26 Apr 2024 07:05:25 GMT
location: http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
server: Cowboy
set-cookie: sid=5aea121f-039b-11ef-9ab2-0bb1a0bfbc95; path=/; domain=.myetherevvalliet.com; expires=Wed, 14 May 2092 10:19:33 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app

199.59.243.225

200 OK

1.2 kB

URL User Request GET HTTP/1.1
ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (434)
Size
1.2 kB (1166 bytes)
Hash
2d4e953a7cc85879753ae1042cb02dbd
de7b11421dfe7d82f2b769afc4d26d16021944fa
356aef2b9fd8172e54963981fad1c99799e40a036eed40208eaf9d6654e88408

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?terms=cryptocurrency%20wallet%20app HTTP/1.1
Host: ww1.myetherevvalliet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 26 Apr 2024 07:05:26 GMT
content-type: text/html; charset=utf-8
content-length: 1166
x-request-id: 43ff567f-f6c4-403b-a3a9-f081a8565528
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ETF/Udku7B7HGmckhb9rX8r3K7XrXA4y8excn9WTuafWxhLGg+xOQn9c7YQ3amjYfsUZAsnorlnzjUOdKlzI+g==
set-cookie: parking_session=43ff567f-f6c4-403b-a3a9-f081a8565528; expires=Fri, 26 Apr 2024 07:20:26 GMT; path=/

ww1.myetherevvalliet.com/bTmrfWYFV.js

199.59.243.225

200 OK

34 kB

URL GET HTTP/1.1
ww1.myetherevvalliet.com/bTmrfWYFV.js
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (33788)
Size
34 kB (33791 bytes)
Hash
f48baec69cc4dc0852d118259eff2d56
e64c6e4423421da5b35700154810cb67160bc32b
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bTmrfWYFV.js HTTP/1.1
Host: ww1.myetherevvalliet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
Cookie: parking_session=43ff567f-f6c4-403b-a3a9-f081a8565528
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 26 Apr 2024 07:05:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 33791
x-request-id: 137c7128-945b-403e-a8d8-8a298d276153
set-cookie: parking_session=43ff567f-f6c4-403b-a3a9-f081a8565528; expires=Fri, 26 Apr 2024 07:20:26 GMT

ww1.myetherevvalliet.com/_fd?terms=cryptocurrency%20wallet%20app

199.59.243.225

200 OK

2.1 kB

URL POST HTTP/1.1
ww1.myetherevvalliet.com/_fd?terms=cryptocurrency%20wallet%20app
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app

File type
ASCII text, with very long lines (4129), with no line terminators
Size
2.1 kB (2098 bytes)
Hash
e897564f3a4d80a5f3bb7180c98ea535
811a9efac0ecbfedede85082f802edf1f5e71b99
e6929d23212730995ef8c4048e5b4022f7e0c656549157c6846ad18a08ba58c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_fd?terms=cryptocurrency%20wallet%20app HTTP/1.1
Host: ww1.myetherevvalliet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
Content-Type: application/json
Origin: http://ww1.myetherevvalliet.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=43ff567f-f6c4-403b-a3a9-f081a8565528
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
server: openresty
date: Fri, 26 Apr 2024 07:05:26 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 2098
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=43ff567f-f6c4-403b-a3a9-f081a8565528; expires=Fri, 26 Apr 2024 07:20:26 GMT; Max-Age=900; path=/; httponly

www.google.com/adsense/domains/caf.js?abp=1&bodis=true

142.250.74.164

200 OK

75 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js?abp=1&bodis=true
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73
ValidityMon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT

File type
gzip compressed data, max compression
Size
75 kB (74578 bytes)
Hash
afc0697780d779d24a4b22bf0de0e22c
571fda8f20d282c32c5a60ad9e1c28456364e2f9
604c415df918d0c16289756426cd1429aade0fcbdb09321ae8346ad06909f014

HTTP Headers

GET /adsense/domains/caf.js?abp=1&bodis=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.myetherevvalliet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 26 Apr 2024 07:05:26 GMT
expires: Fri, 26 Apr 2024 07:05:26 GMT
cache-control: private, max-age=3600
etag: "10287402930606056118"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol428&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fcaf%3D1%26terms%3Dcryptocurrency%2Bwallet%2Bapp&terms=cryptocurrency%20wallet%20app&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=5471714115127024&num=0&output=afd_ads&domain_name=ww1.myetherevvalliet.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714115127025&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fterms%3Dcryptocurrency%2520wallet%2520app

216.58.211.14

200 OK

2.6 kB

URL GET HTTP/2
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol428&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fcaf%3D1%26terms%3Dcryptocurrency%2Bwallet%2Bapp&terms=cryptocurrency%20wallet%20app&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=5471714115127024&num=0&output=afd_ads&domain_name=ww1.myetherevvalliet.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714115127025&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fterms%3Dcryptocurrency%2520wallet%2520app
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99
ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT

File type
HTML document, ASCII text, with very long lines (13177)
Size
2.6 kB (2578 bytes)
Hash
15a1cc56715c5c6c182c71adc497f93b
03ca647def988d7bc89dbef11cee6b1d1a73e473
eaa2c253e149e6e213bbab8bc4577671ffc375aa4650bb5acbe88ccd0d36587e

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol428&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fcaf%3D1%26terms%3Dcryptocurrency%2Bwallet%2Bapp&terms=cryptocurrency%20wallet%20app&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=5471714115127024&num=0&output=afd_ads&domain_name=ww1.myetherevvalliet.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714115127025&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fterms%3Dcryptocurrency%2520wallet%2520app HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.myetherevvalliet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Fri, 26 Apr 2024 07:05:27 GMT
expires: Fri, 26 Apr 2024 07:05:27 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-bLXFbzokWxrxxdhnN-ge5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2578
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ww1.myetherevvalliet.com/_tr

199.59.243.225

200 OK

22 B

URL POST HTTP/1.1
ww1.myetherevvalliet.com/_tr
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww1.myetherevvalliet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
Content-Type: application/json
Content-Length: 1865
Origin: http://ww1.myetherevvalliet.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=43ff567f-f6c4-403b-a3a9-f081a8565528
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: openresty
date: Fri, 26 Apr 2024 07:05:27 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
content-length: 22
x-version: 2.118.0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: parking_session=43ff567f-f6c4-403b-a3a9-f081a8565528; expires=Fri, 26 Apr 2024 07:20:27 GMT; Max-Age=900; path=/; httponly

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol428&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fcaf%3D1%26terms%3Dcryptocurrency%2Bwallet%2Bapp&terms=cryptocurrency%20wallet%20app&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=5471714115127024&num=0&output=afd_ads&domain_name=ww1.myetherevvalliet.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714115127025&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fterms%3Dcryptocurrency%2520wallet%2520app
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint6E:66:E1:45:85:5C:3A:EB:60:4A:8E:EF:62:B8:7C:E3:C7:1B:FA:47
ValidityMon, 18 Mar 2024 20:34:07 GMT - Mon, 10 Jun 2024 20:34:06 GMT

File type
SVG Scalable Vector Graphics image
Size
278 B (278 bytes)
Hash
fe7dd8c3c629cc6e9cd6d3e4d3cbe905
59ef3b8e4a17169a4cb45fba65bf0d2bf49c8a18
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:08:35 GMT
expires: Sat, 27 Apr 2024 05:08:35 GMT
cache-control: public, max-age=82800
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 3412
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol428&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fcaf%3D1%26terms%3Dcryptocurrency%2Bwallet%2Bapp&terms=cryptocurrency%20wallet%20app&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=5471714115127024&num=0&output=afd_ads&domain_name=ww1.myetherevvalliet.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714115127025&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fterms%3Dcryptocurrency%2520wallet%2520app
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint6E:66:E1:45:85:5C:3A:EB:60:4A:8E:EF:62:B8:7C:E3:C7:1B:FA:47
ValidityMon, 18 Mar 2024 20:34:07 GMT - Mon, 10 Jun 2024 20:34:06 GMT

File type
SVG Scalable Vector Graphics image
Size
174 B (174 bytes)
Hash
d47125b2ba92be53dcff07ba322ce1de
e4a70c8a133bacf1699fdfa4c10e24ed5b3e0c28
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 01:52:44 GMT
expires: Sat, 27 Apr 2024 00:52:44 GMT
cache-control: public, max-age=82800
age: 18763
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=rdwm0z4wfa42&aqid=N1IrZv3nBomtxdwPuZqykAo&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=5%7C0%7C394%7C89%7C17&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=rdwm0z4wfa42&aqid=N1IrZv3nBomtxdwPuZqykAo&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=5%7C0%7C394%7C89%7C17&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99
ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=rdwm0z4wfa42&aqid=N1IrZv3nBomtxdwPuZqykAo&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=5%7C0%7C394%7C89%7C17&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.myetherevvalliet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-615vRSM10sO4vObrV_mClQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 26 Apr 2024 07:05:29 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=rkse326tp4jd&aqid=N1IrZv3nBomtxdwPuZqykAo&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=5%7C0%7C394%7C89%7C17&lle=0&ifv=1&hpt=0

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=rkse326tp4jd&aqid=N1IrZv3nBomtxdwPuZqykAo&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=5%7C0%7C394%7C89%7C17&lle=0&ifv=1&hpt=0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ww1.myetherevvalliet.com/?terms=cryptocurrency%20wallet%20app
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99
ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=rkse326tp4jd&aqid=N1IrZv3nBomtxdwPuZqykAo&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=627058929&csala=5%7C0%7C394%7C89%7C17&lle=0&ifv=1&hpt=0 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww1.myetherevvalliet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-V49pknM7EphEVKB-rXpL7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Fri, 26 Apr 2024 07:05:29 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

216.58.211.14

200 OK

190 kB

URL GET HTTP/3
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol307%2Cpid-bodis-gcontrol151%2Cpid-bodis-gcontrol428&client=dp-bodis30_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fcaf%3D1%26terms%3Dcryptocurrency%2Bwallet%2Bapp&terms=cryptocurrency%20wallet%20app&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442&client_gdprApplies=1&format=r3&nocache=5471714115127024&num=0&output=afd_ads&domain_name=ww1.myetherevvalliet.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1714115127025&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=922&frm=0&uio=-&cont=rs&drt=0&jsid=caf&jsv=627058929&rurl=http%3A%2F%2Fww1.myetherevvalliet.com%2F%3Fterms%3Dcryptocurrency%2520wallet%2520app
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99
ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
190 kB (190526 bytes)
Hash
c2d9b33c5d99b68f56da7ead94cb7af4
7276cd027eac33645a0df1b53daf871a95321a12
d5886c81b0106330dc41a13bc5738b2ba002073716d73b2c30aa4b57285c190b

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 26 Apr 2024 07:05:27 GMT
expires: Fri, 26 Apr 2024 07:05:27 GMT
cache-control: private, max-age=3600
etag: "556743250121084448"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP